While a number of well-known retailers’ online payment websites, including Ticketmaster and British Airways, were compromised with formjacking code in recent months, small and medium-size retailers are, by and large, the most widely compromised.

Symantec, the top cyber security company, says its research reveals cyber criminals may have collected tens of millions of dollars last year, stealing consumers’ financial and personal information through credit card fraud and sales on the dark web. Just 10 credit cards stolen from each compromised website could result in a yield of up to $2.2 million each month, with a single credit card fetching up to $45 in the underground selling forums. With more than 380,000 credit cards stolen, the British Airways attack alone may have allowed criminals to net more than $17 million.

Cloud resources are increasingly easy targets for digital thieves with more than 70 million records stolen or leaked from poorly configured S3 public cloud storage buckets

More attackers display interest in compromising operational and industrial control systems with the potential for sabotage

Ransomware

In recent years, ransomware and cryptojacking, where cyber criminals harness stolen processing power and cloud CPU usage from consumers and enterprises to mine cryptocurrency, were the go-to methods for cyber criminals looking to make easy money. However, 2018 brought drop-offs in activity and diminishing returns, primarily due to declining cryptocurrency values and increasing adoption of cloud and mobile computing, rendering attacks less effective. For the first time since 2013, ransomware infections declined, dropping by 20%.

Cloud

Symantec also notes the same security mistakes that were made on PCs during their initial adoption by the enterprise are now happening in the cloud. A single misconfigured cloud workload or storage instance could cost a company millions of dollars or land it in a compliance nightmare. In the past year alone, more than 70 million records were stolen or leaked from poorly configured S3 buckets. There are also numerous, easily-accessible tools that allow attackers to identify misconfigured cloud resources on the internet.

Internet of Things

While the volume of Internet of Things (IoT) attacks remains high and consistent with 2017 levels, the profile of IoT attacks is changing dramatically. Although routers and connected cameras make up the largest percentage of infected devices (90%), almost every IoT device has been proven vulnerable, with everything from smart light bulbs to voice assistants creating additional entry points for attackers.

Smart Phones

Smart phones could arguably be the greatest spying device ever created – a camera, a listening device and location tracker all in one that is willingly carried and used wherever its owner goes. While already targeted by nation-states for traditional spying, smart phones have also become a lucrative means by which to collect consumers’ personal information, with mobile app developers existing as the worst offenders.

According to Symantec research, 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking, 46% of popular Android apps and 24% of popular iOS apps request permission to access your device’s camera, and email addresses are shared with 44% of the top Android apps and 48% of the most popular iOS apps.

Digital tools that gather cellphone data for tracking children, friends, or lost phones are also on the rise and clearing the way for abuse to track others without consent. More than 200 apps and services offer stalkers a variety of capabilities, including basic location tracking, text harvesting, and even secret video recording.

Other Frauds

Identity theft is the biggest pain-in-the-tookus for Americans, affecting more than 500,000 per year. Unlike hacking your computer, cell phone or other devices, identity theft is usually low-tech committed by unsophisticated slime balls.

Ransomware attacks continue to plague businesses of all sizes including tiny firms, possibly costing U.S. business $100 billion this year. Healthcare firms and even religious organizations have been targeted. Students are also a prime target. While, individuals are targeted too, most hackers go where the money is.

Robert McKinley, with 34 years experience covering payment cards, is Senior Analyst and Editor-in-Chief for CardTrak. He is the founder of RAM Research, CardWeb and CardTrak. McKinley has participated in more than 10,000 documented news media interviews with multiple appearances on every national news program. He is a published author and champion for consumers against bad business practices by issuers of credit cards, debit cards, prepaid cards at the highest levels. He has been named as one of nation’s top payment card experts. Full Bio: www.rbm4.com

View News by Date

Advertising Disclaimer: CardTrak.com continues a 32 year legacy by providing extensive and unbiased news and lists of credit cards and payment cards available to the general public. Our website and the information we provide is free of charge for all visitors. Likewise it is free for any credit card issuer or payment provider to have their products listed on CardTrak.com. We do our best to maintain accurate rates and information listed on our site, but do not guarantee the accuracy of the data. It is your responsibility to read the cardholder agreements before agreeing to accept any new card accounts. CardTrak is supported by advertising.